DESCRIPTION

The LWPx::ParanoidAgent is a class subclassing LWP::UserAgent, but paranoid against attackers. It's to be used when you're fetching a remote resource on behalf of a possibly malicious user.

This class can do whatever LWP::UserAgent can (callbacks, uploads from files, etc), except proxy support is explicitly removed, because in that case you should do your paranoia at your proxy.

Also, the schemes are limited to http and https, which are mapped to LWPx::Protocol::http_paranoid and LWPx::Protocol::https_paranoid, respectively, which are forked versions of the same ones without the "_paranoid". Subclassing them didn't look possible, as they were essentially just one huge function.

This class protects you from connecting to internal IP ranges (unless you whitelist them), hostnames/IPs that you blacklist, remote webserver tarpitting your process (the timeout parameter is changed to be a global timeout over the entire process), and all combinations of redirects and DNS tricks to otherwise tarpit and/or connect to internal resources.

CONSTRUCTOR

new

my $ua = LWPx::ParanoidAgent->new([ %opts ]);

In addition to any constructor options from LWP::UserAgent, you may also set blocked_hosts (to an arrayref), whitelisted_hosts (also an arrayref), and resolver, a Net::DNS::Resolver object.

METHODS

Get/set the the list of blocked hosts. The items in @host_list may be compiled regular expressions (with qr//), code blocks, or scalar literals. In any case, the thing that is match, passed in, or compared (respectively), is all of the given hostname, given IP address, and IP address in canonical a.b.c.d decimal notation. So if you want to block "1.2.3.4" and the user entered it in a mix of network/host form in a mix of decimal/octal/hex, you need only block "1.2.3.4" and not worry about the details.

$csr->whitelisted_hosts(@host_list)

$csr->whitelisted_hosts

Like blocked hosts, but matching the hosts/IPs that bypass blocking checks. The only difference is the IP address isn't canonicalized before being whitelisted-matched, mostly because it doesn't make sense for somebody to enter in a good address in a subversive way.

ISSUES

WARRANTY

This module is supplied "as-is" and comes with no warranty, expressed or implied. It tries to protect you from harm, but maybe it will. Maybe it will destroy your data and your servers. You'd better audit it and send me bug reports.